About “IL:Trojan.MSILMamut.683 (B)” infection

The IL:Trojan.MSILMamut.683 (B) is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What IL:Trojan.MSILMamut.683 (B) virus can do?

Dynamic (imported) function loading detected
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid

How to determine IL:Trojan.MSILMamut.683 (B)?


File Info:
name: D0501B55E24AEE5303D5.mlw
path: /opt/CAPEv2/storage/binaries/82cda0a657f91d4cee566d2333e2aeff908e56843fd1d7201fe090628203e048
crc32: E85416DE
md5: d0501b55e24aee5303d5806f5f859d66
sha1: 7bb87a420944941aeff1e0ada19d8f15cf36bb6a
sha256: 82cda0a657f91d4cee566d2333e2aeff908e56843fd1d7201fe090628203e048
sha512: 4afecd6f39e693106701a133451c301358753b49838f32c9fef5b09a8d73b4324432300062894821af0eacc1ffb88adcf83b59f0a3317e360d2b1a08639e698f
ssdeep: 49152:6PI6jtzfa6bvb3u8SWIUUAd2NNaoP2dZNS7:6Aq7bvb9U2WaYmZ4
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1B4859D027E40CB12E0985773C2EFC94487F0AD556AA6E31B7EAA33AD15013A77C5D9CB
sha3_384: ffc5c145d66b1ac55ee4597c81cb7cc25a1a106ace2aceac8ae3acbe1b23e8a85234d3f99a0f915d46c6a7acad971588
ep_bytes: ff250020400000000000000000000000
timestamp: 2022-04-17 21:52:13

Version Info:
ProductName: i1v49ba0y0
CompanyName: ZmDbHzVt68Zdr
InternalName: 77z9ZU.exe
LegalCopyright: R0qMAkI6utFA
Comments: mRbfuFbm6UIPTzB011GyCI8f
OriginalFilename: GCNoZtTsjUjKFeTioU.exe
ProductVersion: 819.149.317.884
FileVersion: 113.855.434.643
Translation: 0x0409 0x0514

IL:Trojan.MSILMamut.683 (B) also known as:

Bkav	W32.AIDetectNet.01
Elastic	malicious (high confidence)
DrWeb	BackDoor.DarkCrystal.19
MicroWorld-eScan	IL:Trojan.MSILMamut.683
ALYac	IL:Trojan.MSILMamut.683
Cylance	Unsafe
Sangfor	Suspicious.Win32.Save.a
CrowdStrike	win/malicious_confidence_70% (D)
K7GW	Spyware ( 0058ff0e1 )
K7AntiVirus	Spyware ( 0058ff0e1 )
Arcabit	IL:Trojan.MSILMamut.683
BitDefenderTheta	Gen:NN.ZemsilF.34638.Xr0@aaDQsSei
Cyren	W32/MSIL_Agent.LQ.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
tehtris	Generic.Malware
ESET-NOD32	a variant of MSIL/Spy.Agent.DVA
APEX	Malicious
Kaspersky	HEUR:Backdoor.MSIL.DCRat.gen
BitDefender	IL:Trojan.MSILMamut.683
Avast	Win32:RATX-gen [Trj]
Ad-Aware	IL:Trojan.MSILMamut.683
Emsisoft	IL:Trojan.MSILMamut.683 (B)
McAfee-GW-Edition	BehavesLike.Win32.Generic.tc
FireEye	Generic.mg.d0501b55e24aee53
Sophos	Mal/Generic-S
SentinelOne	Static AI – Malicious PE
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
ZoneAlarm	HEUR:Backdoor.MSIL.DCRat.gen
GData	IL:Trojan.MSILMamut.683
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win.FUJL.C5092210
Acronis	suspicious
McAfee	Trojan-FUJL!D0501B55E24A
MAX	malware (ai score=86)
VBA32	TScope.Trojan.MSIL
Malwarebytes	Malware.AI.2465182831
Rising	Trojan.Generic/MSIL@AI.90 (RDM.MSIL:cKXFkkcXWzBrb2k8FYQaKg)
Yandex	TrojanSpy.Agent!uiE0ucQuCoY
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	MSIL/Agent.DTR!tr.spy
AVG	Win32:RATX-gen [Trj]
Cybereason	malicious.5e24ae

How to remove IL:Trojan.MSILMamut.683 (B)?

IL:Trojan.MSILMamut.683 (B) removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X